September 28, 2017 by

Sonic Drive-In Breach Could See Info of Millions of Credit, Debit Cards Stolen

Drive-in restaurant chain Sonic is the latest major company to be the target of a significant data breach.

Fast-food chain Sonic Drive-In, with nearly 3,600 locations in 45 U.S. states has admitted to a data breach affecting a yet-unknown number of payment systems. According to Krebson Security, the data breach could have possibly led to a major sale of millions of stolen credit and debit card details on underground cybercrime forums.

The company has said it is unclear as to just how many restaurants or customers may have been impacted.

A statement from Sonic reads:

We are working to understand the nature and scope of this issue. While law enforcement limits the information we can share, we will communicate additional information as we are able.

In his blog, Brian Krebs revealed he first picked up patterns of a major breach after a pattern of fraudulent transactions on cards previously used at Sonic restaurants. Krebs then cross-referenced a new batch of some five million credit and debit card accounts put up for sale on a underground forum, with banking sources who confirmed they were recently used at Sonic locations.

Upon contacting Sonic, the company soon responded that it was investigating a “potential incident” at store locations.

In responding to Krebs’ security blog, Sonic stated:

Our credit card processor informed us last week of unusual activity regarding credit cards used at SONIC… We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.

The hackers are likely to have gained remote access to point-of-sale card machines at Sonic store locations. The incident sees parallels with another major credit breach at fast-food chain Wendy’s. Wendy was having a particularly hard time in fixing the situation as the majority of the breached locations were independently-owned franchises rather than corporate-owned outlets.

‘The Wendy’s breach was extremely costly for card-issuing banks and credit unions, which were forced to continuously re-issue customer cards that kept getting re-compromised every time their customers went back to eat at another Wendy’s,” Krebs explained.

Indeed, some 90% of Sonic locations in the country are also franchised, which leaves room the possibility of another fiasco.

Image credit: Flickr.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Data Breach: Florida Warns of 30,000 Medical Records Leak Due to Phishing

Florida’s health agency has warned of a data breach that may have exposed the data of up to 30,000...

Read more arrow_forward

India’s National ID Database of 1.2 Billion People Breached for $8

An Indian news publication has reported that the government’s biggest citizen database, a register...

Read more arrow_forward

Security Researchers Discover Trove of 1.4 Billion Credentials

Security researchers at dark web monitoring firm 4iQ have stumbled upon a massive 41GB data file of...

Read more arrow_forward